How can Exchange 5.5 mailboxes be accessed after users and groups have been migrated to a new domain (NETIQKB4323)

  • 7704323
  • 02-Feb-2007
  • 08-Sep-2008


How can Exchange 5.5 mailboxes be accessed after users and groups have been migrated to a new domain using DMA?

Domain Migration Administrator 7.x


SID History provides access in the short term, but before you complete your migration, the Exchange 5.5 mailboxes must be re-ACLed (translated) so that the migrated account's SID has permission to use the existing mailboxes. To do this, use the 'Translate Security for Exchange Mailboxes' wizard in the DMA console.

Domain Migration Administrator allows you to change Microsoft Exchange Security Descriptors that reference one user account or group in the source domain to reference another user account or group with the same name in a target domain. This process is known as re-ACLing or security translation.  Domain Migration Administrator processes security descriptors on Exchange mailboxes, distribution lists, custom recipients, organizations, sites, public folders, and containers, as well as the primary Windows NT account for each mailbox.

When you copy a user account or group from domain A to domain B, a new account is created in domain B. This new account has the same name as the original account in domain A, but this new account has a different SID. Domain Migration Administrator changes the security descriptors for Exchange components to refer to the SID for the new / migrated account in domain B. This process ensures the new user account or group membership provides the same access to Exchange components that the original user account or group provided.

If Domain Migration Administrator finds a SID from the source domain that it cannot resolve, such as a SID for a user account that does not have a matching user account in the target domain, Domain Migration Administrator leaves the SID unchanged.
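The translation rule described above, including the unresolved-SID case, can be modelled as follows. This is an added example, not Domain Migration Administrator's code: it is a simplified model in which an ACL is a list of (SID, rights) pairs, and it reports the source-domain SIDs that would remain after translation so they can be reviewed. Assumptions: all SIDs, account names and rights labels are constructed samples, the function names are hypothetical, and account names are matched case-insensitively.

```python
# Simplified model of security translation (re-ACLing); not DMA's implementation.
# All domain SIDs, account names and ACL entries below are constructed samples.

SOURCE_DOMAIN_SID = "S-1-5-21-1111111111-2222222222-3333333333"  # domain A (constructed)
TARGET_DOMAIN_SID = "S-1-5-21-4444444444-5555555555-6666666666"  # domain B (constructed)

# Account name -> SID in each domain. "oldsvc" has no matching account in domain B.
source_accounts = {
    "jsmith": SOURCE_DOMAIN_SID + "-1105",
    "Mail Admins": SOURCE_DOMAIN_SID + "-1210",
    "oldsvc": SOURCE_DOMAIN_SID + "-1377",
}
target_accounts = {
    "JSmith": TARGET_DOMAIN_SID + "-2101",
    "mail admins": TARGET_DOMAIN_SID + "-2102",
}

def build_sid_map(source, target):
    """Map source SID -> target SID for same-name accounts (case-insensitive: assumption)."""
    by_name = {name.lower(): sid for name, sid in target.items()}
    return {sid: by_name[name.lower()]
            for name, sid in source.items() if name.lower() in by_name}

def translate_acl(acl, sid_map):
    """Return (new_acl, unresolved) for a list of (sid, rights) entries.
    SIDs with no mapping are left unchanged; source-domain ones are also reported."""
    new_acl, unresolved = [], []
    for sid, rights in acl:
        if sid in sid_map:
            new_acl.append((sid_map[sid], rights))
        else:
            new_acl.append((sid, rights))  # left unchanged, as described above
            if sid.startswith(SOURCE_DOMAIN_SID + "-"):
                unresolved.append(sid)
    return new_acl, unresolved

# Constructed mailbox ACL: two migrated principals, one unmatched account, one built-in SID.
mailbox_acl = [
    (source_accounts["jsmith"], "User"),
    (source_accounts["Mail Admins"], "Permissions Admin"),
    (source_accounts["oldsvc"], "Send As"),
    ("S-1-5-32-544", "Admin"),  # BUILTIN\Administrators, not tied to either domain
]

if __name__ == "__main__":
    sid_map = build_sid_map(source_accounts, target_accounts)
    translated, leftover = translate_acl(mailbox_acl, sid_map)
    for sid, rights in translated:
        print(f"{sid}  {rights}")
    print("Unresolved source-domain SIDs to review:", leftover)
```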

To translate security for Exchange mailboxes, please follow these steps:

  1. Click Domain Migration Administrator in the left pane of the main DMA interface.
  2. Click Translate Security for Exchange Mailboxes in the right pane of the main window.
  3. Follow the instructions until you have finished resolving the related Exchange directory issues. For more information about an option, click Help.

This wizard is also available within a Project.

This procedure is included in Chapter 7 of the Domain Migration Administrator User Guide.

Additional Information

Formerly known as NETIQKB4323